Network Security

Lawsuit claims employee who moved to rival firm stole confidential info


Court filings have accused ticketing company Ticketmaster of using information stolen from a rival firm's computers to spy on its activities. The information was allegedly stolen by a previous employee of the firm, who now works for Ticketmaster. 

The employee in question is Stephen Mead, who was allegedly asked "to use his knowledge of CrowdSurge's internal systems to improperly access those systems for purposes of monitoring CrowdSurge's potential and actual artist-clients, staying abreast of what CrowdSurge was doing and, ultimately, to 'cut [CrowdSurge] off at the knees.'"

In 2015, SongKick (which merged with CrowdSurge), a direct rival of Ticketmaster, brought an antitrust case in the US against Ticketmaster for antitrust violations, anticompetitive behaviour and intentional interference. The case is still ongoing.

New court papers filed by SongKick in California's Federal Court accuse Ticketmaster of hiring the ex-CrowdSurge employee, who allegedly stole tens of thousands of internal company documents from the company, and gave Ticketmaster unauthorised access to SongKick's internal systems.

The papers filed allege that Mead kept 85,000 documents after leaving CrowdSurge, including "confidential weekly head of department reports containing valuable, non-public strategic and financial information; dozens of usernames and passwords to confidential CrowdSurge tools; client lists; presentations to CrowdSurge's board of directors; contracts; and internal corporate business plans and strategies."

The document also alleges that Mead was "willing and eager to share the requested confidential CrowdSurge information with [Tickermaster SVP Zeeshan] Zaidi and others at Ticketmaster because Mead's goal, like those of Defendants generally, was to 'bring down the hammer on CrowdSurge.'"

William Culbert, director of solutions engineering at Bomgar told SC Media UK: “This story highlights how critical it is for companies to ensure that only approved users – from internal employees to external vendors – can access only specified areas of their company network in correspondence to their role.”

One email quoted by the court filing allegedly shows Mead telling other employees: "So ahead of our call later today I've pulled together some info from [CrowdSurge] that might be useful insight into their operations."

Mead also allegedly provided login details to Ticketmaster employees so they could access CrowdSurge's systems,;an email shows him warning of rash use of such systems: "I must stress that as this is access to a live CS tool [so] I would be careful in what you click on as it would be best not the [sic] giveaway that we are snooping around," it said.

In a statement, Ticketmaster told Variety: "Songkick has been forced to conjure up a new set of dubious arguments and theories, resulting in the amended complaint they recently filed ... Songkick's amended complaint is based on the alleged misappropriation of information that Songkick did not even try to keep secret, in some cases could not have kept secret, and in some cases shared with artist managers that work for Live Nation. The claims have no legal merit and Live Nation and Ticketmaster will continue to vigorously defend this case."

Culbert added: “This case takes this notion one step further and highlights the demand for effective and succinct employee off-boarding processes, removing credential access the moment an employee leaves an organisation, as well as ensuring the employee cannot continue to access sensitive information. To truly secure business critical information and or systems an ethos of “zero trust” integrated with ad-hoc, time-bombed access may be the only way of effectively securing the modern enterprise.”

SC contacted Ticketmaster for a comment but it did not respond in time for publication.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.